Update middleware.py
robertavram committed May 10, 2024
1 parent 0a76037 commit 5220bbd
Showing 1 changed file with 7 additions and 6 deletions.
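--- a/src/etools/applications/core/middleware.py
+++ b/src/etools/applications/core/middleware.py
@@ -134,12 +134,13 @@ def __init__(self, get_response):
 def __call__(self, request):
 # Check if the request method is not GET
 if request.method != 'GET':
-if not any(request.path.startswith(path) for path in settings.READ_ONLY_EXCLUDED_PATHS):
-# Check if the user is authenticated and belongs to the "Read Only" group
-user_group_names = [g.name for g in request.user.groups]
-if request.user.is_authenticated and 'Read Only' in user_group_names:
-# Return a 403 Forbidden response
-return HttpResponseForbidden("You don't have permission to perform this action.")
+if request.user.is_authenticated:
+if not any(request.path.startswith(path) for path in settings.READ_ONLY_EXCLUDED_PATHS):
+# Check if the user is authenticated and belongs to the "Read Only" group
+user_group_names = [g.name for g in request.user.groups]
+if 'Read Only' in user_group_names:
+# Return a 403 Forbidden response
+return HttpResponseForbidden("You don't have permission to perform this action.")
 
 # Pass the request to the next middleware or view
 response = self.get_response(request)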
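Review bot: The new outer guard `if request.user.is_authenticated:` makes the Read Only block depend entirely on what `request.user` holds at middleware time, so a write request whose credentials are only validated later in the view layer (for example by a REST framework authentication class, if this project uses one) would look anonymous here and pass through unchecked. If that can happen, the restriction belongs in a permission check that runs after view-level authentication; otherwise state the assumption above the guard, e.g. `# Assumes request.user is already resolved by earlier auth middleware; view-level auth is not covered here`. Separately, `request.path.startswith(path)` is a raw prefix match, so each entry in `settings.READ_ONLY_EXCLUDED_PATHS` should end with `/` to avoid exempting sibling paths that merely share the prefix. `__call__` continues past the end of the hunk.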
